CVE-2023-5345
📋 TL;DR
This CVE describes a use-after-free vulnerability in the Linux kernel's SMB client component that allows local attackers to escalate privileges. The flaw occurs when an error in smb3_fs_context_parse_param frees memory but doesn't null the pointer, potentially leading to double-free conditions. Systems running vulnerable Linux kernel versions with SMB client functionality are affected.
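The pattern described above (an error path frees a field but leaves the pointer set, so later teardown frees it a second time), as an added userspace example that is not the kernel's code. `demo_ctx`, `opt_value`, the tracking allocator and the empty-value error condition are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a mount context; not the kernel's structure. */
struct demo_ctx { char *opt_value; };

/* Tracking allocator: free() is deferred so a repeated free is counted. */
static struct { void *p; int freed; } slots[8];
static int nslots, double_frees;
static void *tracked_alloc(size_t n) {
    void *p = nslots < 8 ? malloc(n) : NULL;
    if (p) { slots[nslots].p = p; slots[nslots++].freed = 0; }
    return p;
}
static void tracked_free(void *p) {
    for (int i = 0; p && i < nslots; i++)
        if (slots[i].p == p) { double_frees += slots[i].freed; slots[i].freed = 1; }
}
/* Error path frees the field; `fixed` selects whether it also clears it. */
static int parse_param(struct demo_ctx *ctx, const char *val, int fixed) {
    ctx->opt_value = tracked_alloc(strlen(val) + 1);
    if (!ctx->opt_value) return -1;
    strcpy(ctx->opt_value, val);
    if (val[0] == '\0') {                    /* constructed error condition */
        tracked_free(ctx->opt_value);
        if (fixed) ctx->opt_value = NULL;    /* hardening: drop stale pointer */
        return -1;
    }
    return 0;
}
/* Teardown frees whatever the context still points to. */
static void ctx_cleanup(struct demo_ctx *ctx) {
    tracked_free(ctx->opt_value);
    ctx->opt_value = NULL;
}
/* One parse + teardown; returns the number of double frees observed. */
static int run(const char *val, int fixed) {
    struct demo_ctx ctx = { 0 };
    double_frees = 0;
    parse_param(&ctx, val, fixed);
    ctx_cleanup(&ctx);
    while (nslots > 0) free(slots[--nslots].p);   /* real release */
    return double_frees;
}
int main(void) {
    printf("%d %d %d\n", run("", 0), run("", 1), run("secret", 0));
    return 0;
}
```

Only the unfixed error path reports a double free; clearing the pointer at the point of the free makes the later teardown a no-op.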
💻 Affected Systems
- Linux kernel
📦 What is this software?
Fedora by Fedoraproject
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Local attacker gains root privileges, enabling complete system compromise, data theft, persistence establishment, and lateral movement.
Likely Case
Local user escalates to root privileges, allowing unauthorized access to sensitive data and system resources.
If Mitigated
Attack limited to users with local shell access; proper access controls prevent initial access.
🎯 Exploit Status
Requires local access and specific error conditions to trigger the use-after-free.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions including commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705
Vendor Advisory: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISYSL3F6WIEVGHJGLC2MFNTUXHPTKQH/
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705
2. For RHEL/CentOS/Fedora: yum update kernel
3. For Ubuntu/Debian: apt update && apt upgrade linux-image-$(uname -r)
4. Reboot system to load new kernel
🔧 Temporary Workarounds
Disable SMB client module
linux: Prevent loading of the vulnerable SMB client kernel module
echo 'install cifs /bin/false' >> /etc/modprobe.d/disable-cifs.conf
rmmod cifs
Restrict local user access
linux: Limit shell access to trusted users only
usermod -s /sbin/nologin [username]
chsh -s /sbin/nologin [username]
🧯 If You Can't Patch
- Implement strict access controls to limit local user accounts
- Monitor for privilege escalation attempts and unusual root activity
🔍 How to Verify
Check if Vulnerable:
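Check the kernel version and whether commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705 is present in the git checkout of the kernel source the running kernel was built from (full hashes are needed for the match, hence --no-abbrev-commit): git log --oneline --no-abbrev-commit | grep e6e43b8aa7cd3c3af686caf0c2e11819a886d705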
Check Version:
uname -r
Verify Fix Applied:
Verify the kernel version after the update and ensure the commit is present in the corresponding kernel source checkout: uname -r && git log --oneline --no-abbrev-commit | grep e6e43b8aa7cd3c3af686caf0c2e11819a886d705
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- OOM killer activity related to SMB
- Unusual privilege escalation in audit logs
Network Indicators:
- Unexpected SMB client connections from localhost
SIEM Query:
(source="kernel" AND ("panic" OR "Oops" OR "general protection fault") AND "cifs") OR (source="audit" AND "privilege" AND success)
🔗 References
- http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e6e43b8aa7cd3c3af686caf0c2e11819a886d705
- https://kernel.dance/e6e43b8aa7cd3c3af686caf0c2e11819a886d705
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISYSL3F6WIEVGHJGLC2MFNTUXHPTKQH/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPMICQ2HVZO5UAM5KPXHAZKA2U3ZDOO6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V5PDNWPKAP3WL5RQZ4RIDS6MG32OHH5R/